package io.gitee.yxsnake.framework.security.config;

import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.filter.SaServletFilter;
import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.same.SaSameUtil;
import cn.dev33.satoken.util.SaResult;
import cn.hutool.core.collection.CollUtil;
import com.google.common.collect.Lists;
import io.gitee.yxsnake.framework.core.constant.HttpStatus;
import io.gitee.yxsnake.framework.security.config.properties.SecurityIgnoreUriProperties;
import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.List;

/**
 * @author snake
 * @description
 * @since 2024/11/20 10:12
 */
@Slf4j
@AutoConfiguration
@Import(SecurityIgnoreUriProperties.class)
public class SecurityConfiguration implements WebMvcConfigurer {

    @Resource
    private SecurityIgnoreUriProperties securityIgnoreUriProperties;
    /**
     * 注册sa-token的拦截器
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册路由拦截器，自定义验证规则
        registry.addInterceptor(new SaInterceptor()).addPathPatterns("/**");
    }

    /**
     * 校验是否从网关转发
     */
    @Bean
    @ConditionalOnMissingBean
    public SaServletFilter getSaServletFilter() {
        List<String> excludeList = Lists.newArrayList();
        excludeList.add("/health");
        List<String> whites = securityIgnoreUriProperties.getWhites();
        if(CollUtil.isNotEmpty(whites)){
            excludeList.addAll(whites);
        }

        return new SaServletFilter()
                .setExcludeList(excludeList)
                .addInclude("/**")
                .setAuth(obj -> {
                    if (SaManager.getConfig().getCheckSameToken()) {
                        SaSameUtil.checkCurrentRequestToken();
                    }
                })
                .setError(e -> {
                    log.error("security-starter 认证失败，无法访问系统资源:",e);
                    return SaResult.error("认证失败，无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED);
                });
    }

//    /**
//     * 对 actuator 健康检查接口 做账号密码鉴权
//     */
//    @Bean
//    public SaServletFilter actuatorFilter() {
//        String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
//        String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
//        return new SaServletFilter()
//                .addInclude("/actuator", "/actuator/**")
//                .setAuth(obj -> {
//                    SaHttpBasicUtil.check(username + ":" + password);
//                })
//                .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
//    }

}

